Skip to content
ATO Pathways
  Log In

CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil /stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)

  • CCI-000121

    The organization disseminates formal, documented, procedures to elements within the organization having associated audit and accountability roles a...
    Show

  • CCI-000122

    Review and update the current audit and accountability procedures on an organization-defined frequency.
    Show

  • CCI-000123

    Identify the organization-defined event types that the system is capable of logging in support of the audit function.
    Show

  • CCI-000124

    Coordinate the event logging function with other organizational entities requiring audit-related information to guide and inform the selection crit...
    Show

  • CCI-000125

    Provide a rationale for why the event types selected for logging are deemed to be adequate for support after-the-fact investigations of incidents.
    Show

  • CCI-000126

    Specify the organization-defined event types (subset of the event types defined in AU-2a) along with the frequency of (or situation requiring loggi...
    Show

  • CCI-000127

    The organization reviews and updates the list of organization-defined audited events on an organization-defined frequency.
    Show

  • CCI-000128

    The organization includes execution of privileged functions in the list of events to be audited by the information system.
    Show

  • CCI-000129

    The organization defines in the auditable events that the information system must be capable of auditing based on a risk assessment and mission/bus...
    Show

  • CCI-000130

    Ensure that audit records containing information that establishes what type of event occurred.
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules